Posted
by
Zonkon Saturday November 04, 2006 @02:34PM
from the better-than-a-kick-in-the-pants dept.

An anonymous reader writes "Wired is reporting that government regulators have fined rogue adware distributor Zango (formerly 180Solutions) $3 million. This is 'following charges that the company deceived internet users into installing its pop-up software and tried to prevent them from uninstalling it.' ZDNet mentions that 'Zango's executives pointed a finger elsewhere, claiming that the federal violations were due to third-party distributors rather than the software manufacturer itself.' Security researchers are still happily finding examples of Zango software being popped open in rogue distributions such as IM worms. Ben Edelman is claiming to have more evidence of their dubious business practices, casting into question their claims of newfound affiliate responsibility."

I'm not sure of how it works, exactly, but they make most of their money from hi-jacking affiliate sales.For instance, if they have a popup that redirects you to a specific URL at Amazon.com, then for the next 45 or 90 days anything you buy at Amazon.com gets credited to them as an affiliate, even if you go directly to their site.

Commission Junction tracks stuff for 45 days the same way.

Consider how much money will be spent at Amazon.com for the next 90 days (holiday season) and how widespread their adware

For instance, if they have a popup that redirects you to a specific URL at Amazon.com, then for the next 45 or 90 days anything you buy at Amazon.com gets credited to them as an affiliate, even if you go directly to their site.

I don't think that's correct. For instance, just the other day I had someone follow this link [amazon.com]. They didn't buy anything right then, but a few hours later they went directly to it and bought something, and I didn't get any credit. But of course maybe I made a mistake in constructing

Well, that could be for 2 reasons:1. Amazon may have stopped the 45 day thing as part of their fraud prevention. 45 - 90 days is still very common (if not the standard) for affiliate payouts. I couldn't find it mentioned on their site.

2. The person that followed that link had cookies turned off, cleared their cookies, used a different browser or computer the second time, etc.

3. As the original post discussed, the persons computer could have had malware that hijacked the sale, taking credit for it. It

Thanks for the detailed reply. I don't do much with affiliate stuff - just a few friends who follow my link when they go to Amazon - so I'm fairly ignorant about the whole thing. When one of them told me he was going to buy a MacBook Pro, and asked me what I thought he should choose, I constructed that link for him, and explained that if he followed it I'd get some small kickback out of it. He did, but I didn't. The only thing he did was not buy it until the next day.

Well, if that's true then I'm thinking I have to get into the browser hijacking business! Anyone know a security flaw in Firefox that will let me do that;)

Seriously though, if Amazon, for instance, stopped allowing referrals over the holiday season (now till boxing day) then not only would they be saving big money, but nearly all referral schemes would be pretty much shut down (assuming all Amazon-style sites did this of course). But then would you presume that Amazon would loose some holiday profit from

Add/Remove programs doesn't work on the 180Solutions software. It'd be nice if it did, but in some cases it pretends to do something (while in reality doing nothing), in other cases it tells you to go to a web site to get the removal software (which you either never get or doesn't work), or it just tells you that this software cannot be removed.It's been awhile since I've had to deal with this crap (I've been fortunate in that I haven't seen it on any computers I've had to fix in over 2 years--actually, I h

Malware != regulare software. It doesn't have an uninstaller and due to security problems with IE and Windows installs itself--so it's not really a choice of the user (other than not using IE and Windows of course--hence why I haven't had to deal with this for over 2 years). Now stop trolling.

If you don't like their uninstaller don't install it? Are you crazy? This stuff gets installed illegally most of the time. I own a small business and I clean this stuff all the time. The 180 solutions and Zango is some of the worst violators and some of the hardest to remove. When I question how it got installed the customers have no idea.These people didn't get fined $3 million for doing legit installs bro. They've been fined for installing it in a rogue way and then of course, for the illegal action

Ya know, this is one of those cases where intent matters quite a bit, as does notice.If a developer makes software which is intentionally difficult to uninstall and fails to effectively notify potential users of this property, there are arguably elements of fraud going on. There's also the common-sense test as to whether the license agreement which the user submits to does in fact provide something of value to each party and is not so one-sided as to be innately unreasonable. (There's a specific term, but

People who suffer actual damages from these programs should start bringing lawsuits against them.

The problems here are:

1: It's hard to prove actual damages.
2: It's hard to identify the company to sue.
3: It's hard sue a company in small claims court that isn't in your county, let alone your state.
4: It's hard to serve them properly.
5: It's hard to defeat their argument that you agreed to a click-through license in allowing the install.
6: It's hard to collect, even if you win!

Yeah, I'd like to be a mouse in the corner when the FTC tries to collect. The FTC needs the authority to add another mill a day for every day they drag their feet writing the check IMNSHO. Or the legal ability to audit, and THEN set the fine at about 100k more per person in a responsible position within the company than they have in assets so the CEO's of such questionable operations lose their beemers and boats, maybe even their houses at sheriffs sale.

Advertisers know exactly what is going on with their dollars when they hire a company to distribute their ads, etc. The way to clear this up is to allow people to sue the advertisers. That'll stop it quickly. I remember, there's some site that has a wall of shame (or something like that) about advertisers who are doing business with these malware groups. That needs to be made more public.

Zango's executives pointed a finger elsewhere, claiming that the federal violations were due to third-party distributors

Yeah. And Pfizer isn't responsible for the spam sent by the third party distributors that they turn a blind eye to, and that they "don't control".

#1, you *had* third party distributors.#2, you did nothing when they started doing Bad Things.#3, you specifically set up the relationship in a way where they could basically do whatever they liked. If they did Bad Things, you would say "Shock! H

If they were innocent they would make an easy and safe removal tool as widely available as possible. And this tool should block any further attempts to reinstall the software as part of the removal process. Also...

'Zango's executives pointed a finger elsewhere, claiming that the federal violations were due to third-party distributors rather than the software manufacturer itself.

Oh, isn't that clever. Point the finger. Not our fault. Get a clue stick folks. Nobody works to sneak software onto a user's system that they're not getting paid for doing. If Zango were to actually stop paying for any further installs by anyone this problem would quickly go away. In addition, the software certainly has to contact Zango servers for updates and ads to display. Have your servers refuse to accept connections from any previous versions of your software, rendering it effectively toothless before you give me your poor me tales of woe.

Better yet, use your software to advertise the removal tool referenced above to all current users.

And Dear FCC, go after the advertisers who have used Zango to flog their wares. A few hundred thousand in fines here, and a few hundred thousand there, and the message will get out while you're reducing the government deficit in the process.

The plain truth is, there are some business models that DO NOT DESERVE to survive.

The uninstaller should prevent another installation of the software? Just playing devil's advocate here, but that's a much higher standard you are setting them up against than just about any other software.For one thing, what if this was Firefox. Should the uninstaller set up up so that if you uninstall Firefox once, it should never be installed on the computer again?

Then again, how should the uninstaller do that without leaving bits in the registry or a program directory? And wouldn't you want an uninst

... there are some business models that DO NOT DESERVE to survive.....

In America. Once they are no longer based in the US we (for the most part) can't touch them. Fining them doesn't really solve the problem... just makes it go elsewhere. Still, as long as they are dumb enough to operate this kind of business in America might as well get our punches in while we can.

Ok while I'm not usually one to complain about the form of the message your excessive use of the bold tag is more than a little annoying. When you emphasize every other statement in your document the emphasis kind of loses it's meaning.

Seriously man, just type out what you want to say. The bolding does nothing but make it harder to read.

>And Dear FCC, go after the advertisers who have used Zango to flog their wares. A few hundred thousand in fines here, and a few hundred thousand there, and the message will get out while you're reducing the government deficit in the process.

Oh that would be great. Companies would make advertisers sign ethical agreement. No more viral or guerilla marketing either. Ethics and advertising? I'm not holding my breath. Something tells me many companies (especially small web-based ones) like it this way.

i say, people who aren't smart enough to not install those "free screen savers" and "blackjack casino" games deserve to have their computers thrashed by ad ware. maybe they'll learn the lesson when 100 pop-ups launch every time they click on the blue "e" thing.
same goes to the people who still believe that they can get a free alienware laptop by filling out surveys and "browsing" the web.

the "they deserve it" train of thought sucks, because while they *might* indeed deserve it, they're also likely made part of a botnet that then goes performing DoS attacks, spamming and scanning for exploits. Ultimately they just screw the net up for everyone else, so its in everyone's best interest to not only protect these people but go after the idiots pushing this stuff.

Yeah sure, they deserve it. Anyone that thinks that they might be able to download something cool from the Internet for free *deserves* to have their machine maliciously invaded and "thrashed". That's what they get for believing something that is offered to them.Also, every random grandma got cleaned out by a phishing scam also deserves it. I'm sure that dumb old bag deserved it.. couldn't she see that the url was an IP address and not really her bank?

the problem isn't the phishing websites. it's the stupid/old/'technophobic' people. those who can't safely use the technology, they shouldn't be allowed to. but of course we're not to allow/disallow that basic right to them. don't blame the phishers - they are just taking advantage of the stupid people. it's a jungle and life is the survival of the fittest. let's not be on the stupid people's side, please???
and yes, if grandma can't tell the d

That's a pretty strong comparison to say that an old person getting swindled by another person who is directly trying to deceive them is the same thing as an old person not knowing/acknowledging their physical limitations and getting into an accident.
I just don't get this "don't be on the stupid people's side", because "it's a jungle out there and life is the survival of the fittest". If I told you that I made a living by tricking old people into letting me into their homes, tying them up, and then steal

I don't understand how people getting scammed in some way through the Internet is somehow so different from a telephone or a face-to-face meeting.

i'll tell you the difference. in real life, if i'd go to a ghetto neighborhood and start talking to the "wrong people" there and then get in trouble (get shot, beaten up, sold drugs, arrested by police, etc.), who in the world would say that it's not my fault to go somewhere knowing that it's a dangerous place to go to? that's the equivalent of going to zango or

If you walk down a dark alley at night and someone cuts your throat... you may be stupid, but that doesn't mean the throat-cutter gets a pass. You are stupid.. you are dead = good. Throat-cutter is mean.. throat-cutter is punished = good.

See.. easy analogy to the rescue.. stupid people are punished for being stupid AND mean people are punished for being mean. That is the law of the jungle. The jungle cat!

One of main reasons that Zango got nailed (as the well should be) is because of stealth installs. Those Leet Haxxors are not only bundling Zango shit along with those lovely virii and trojan when you visit their often innocent looking websites. One a few months back was a hacked World Wresting Entertainment site. Zango knows full well that the majority of their income comes from these often unwanted installs.They knew that the Install yes/no boxes are pre-ticked yes so you accidentally click it and recieve

Yeah sure, they deserve it. Anyone that thinks that they might be able to download something cool from the Internet for free *deserves* to have their machine maliciously invaded and "thrashed". That's what they get for believing something that is offered to them.

People shouldn't trust free things in the regular world. Why would it magically be safer on the internet?

Also, every random grandma got cleaned out by a phishing scam also deserves it. I'm sure that dumb old bag deserved it.. couldn't she se

People shouldn't trust free things in the regular world. Why would it magically be safer on the internet?

Taking something that isn't yours is wrong in the regular world, but if you believe the posts on Slashdot, doing it on the Internet is moral and just. Apparently there is some sort of magic dichotomy in effect.

Taking something that isn't yours is wrong in the regular world, but if you believe the posts on Slashdot, doing it on the Internet is moral and just. Apparently there is some sort of magic dichotomy in effect.

I wasn't talking about stealing. I meant more along the lines of "Here little boy, come closer to my van so I can give you some candy."

Actually no. I remember a time long ago when there was tons of free software out there you could trust. I'm not talking about the open-source stuff (which I generally still trust when it's from SF.net or freshmeat), but demos, freeware utilities, shareware games, freeware episodes, etc.

There was a ton of free stuff out there without spyware, adware, or malware of any sort. Yes, you could get free screensavers (though many sucked). You could get free games (though most were demos). Nowadays, I see lots of

Just fining these guys isn't going to make the problem go away. Unfortunately, I heard somewhere that the FTC doesn't have the power to shut down shit like this, you need the Department of Justice to do that. The only good thing about the FTC ruling is that it opens the door and provides good cause to get the DOJ involved. Whether that actually happens is another story.

Speaking in general, without reference to any specific individual or corporation, I'll add these comments about the adware/spyware industry:

The reason adware companies do everything they can to make it difficult to remove their software is because they're in a hurry: they are making a lot of money very quickly, and they know that what they're doing will be illegal soon. When that happens, they want to be both rich and gone.

Many whom use P2P software shrug of adware as the cost of getting "free" songs or

What you have to do is applying recursive fines.
Those guys enjoy using lots of "sub-contractors" to "share responsibility" for the inherently evil actions.
Instead of applying a fine of 3 millions on the 1st guy in the chain, they should apply similar fines to all the nodes in the tree. So if there are 16 contractors in all, 3 millions each.
This would effectively fight the problem bottom-up. Since the small contractors make less money individually than the root company, they would suffer immediate bank

Why not just have George W just make a law/royal decree that all adware and spyware makers are terrorists! Then he could just imprision them without any due process, and take all their property. This problem of spyware and adware could be cleared up (From the US side anyway) quickly!

The Republican Party in Tennessee has commissioned a third party to generate disgusting ads against Democrat Harold Ford, Jr. This allows the Republicans themselves to announce that they, too, are "shocked" by the grossness of the ads while stating that they have no control over them and that it would be against the law for them to intervene. Hmm...adware companies and Republicans seem to be more alike than previously thought.

...'But spyware researcher Ben Edelman doubts that the company has reformed its ways. "I commend the FTC's efforts here, but serious diligence will be required to assure that [the company] actually complies with its many obligations under the settlement," Edelman said in an e-mail on Friday. "At this instant, I am confident that [the company] is not in compliance."...